(54) Universal authentication mechanism

(57) A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).

Description

[Technical field of the invention] 

[0001] The present invention relates to the field of access authorization, especially to a method for authentication of a user to a service provider, wherein an application device requests a service for the user from the service provider and the service provider requests an authentication of the user by an authentication server before granting access to the requested service. The invention also concerns an authentication server and a computer program loadable into an authentication server.

[Background of the invention] 

[0002] An increasing number of applications or services in the real as well as the virtual world like the Internet require authorization in order to get service access. For granting service access to a user, first of all the identity of the user must be verified or proved to the provider offering the service. This procedure is generally understood as the authentication of a user to a service provider. Examples for such applications or services are a login to a web server for information access, login to a Personal Computer (PC) or workstation, login to a corporate network or an Intranet, automated payment transactions, and also access to buildings, cars, and automated teller machines (ATMs).

[0003] In another example, to get access to a door, a personal identification number (PIN) has to be entered by the user, typically into a keypad located close to the door. The input number is checked and access is granted if the number is found to be valid, e.g. by checking if the entered number matches a number stored in a memory. An alternative authentication mechanism for a door-opener is a magnetic card which has to be entered into a card reader mounted in the vicinity of the door. In this example, the card reader reads out the data stored on the magnetic card and checks, e.g., the correctness and validity of the data.

[0004] Magnetic or chip cards and card readers are also used for ATMs. Before getting access to an offered service, e.g. bank account monitoring, retrieving cash from an account, or payment transactions from an account to another account, the user has to enter his card into the card reader and to type in a PIN for authenticating not only the device but also the user to the ATM. The combination of the card with the PIN enhances the security of the authentication mechanism compared to access situations wherein only one mechanism is used, e.g. only a card with card reader or only a PIN with keypad. Generally, the combination or concatenation of security mechanisms makes the authentication procedure more secure but requires more effort, e.g. by the user who has to handle a card and a PIN, or by the devices which become more complicated and may suffer from increased processing expense for carrying out the authentication procedure.

[0005] An authentication mechanism for getting service access on an open computer network consisting of distributed user workstations and distributed and/or centralized servers is Kerberos® (see e.g. W. Stallings, "Network and Internet Security", Englewood Cliffs, NJ, Prentice-Hall, 1995, chapter 8.1). A Kerberos® system consists basically of a workstation of a user, a server, e.g. of a service provider, and a Kerberos® server comprising an authentication server and a ticket-granting server. The authentication server stores the passwords of all users and services in a secure database and issues tickets to users being already authenticated to the authentication server for getting access to the ticket-granting server, which supplies the user with tickets for multiple service access. A ticket contains the identity of the user, a session key, a time stamp, and other information, all encrypted by a secret key of the server of the service provider.

[0006] The basic Kerberos® authentication process for authenticating the user to the service provider proceeds as follows: the user logs on to a workstation, e.g. by entering a user identity and a password, and sends a request to the Kerberos® server requesting credentials for a given server of the service provider. The credentials consist of a ticket for the server of the service provider and a session key. The Kerberos® server responds with these credentials being encrypted with the user's key. The user decrypts the credentials and transmits the ticket to the server of the service provider together with a copy of the session key, all encrypted by the server's key, for authentication of the user to the service provider.

[0007] An online user authentication service is provided by Microsoft® Passport (see http://www.passport.com), especially for authentication to Internet services, e.g. access to web pages or Internet shopping. As a prerequisite, the user and the service provider have to subscribe to the authentication service and user and service provider related data are stored in the database of an authentication server. When the user logs into his PC or a wireless device supporting the Wireless Application Protocol (WAP) and demands access to a web page enabled to the authentication service, the user is redirected to the authentication server. In parallel, the service provider transmits a service provider identity and the associated internet address to the authentication server. The authentication server checks if an entry in the database is matched and authenticates the service provider. Similarly, the user authenticates himself to the authentication server by submitting his user identity and a password. Subsequently, the authentication server extracts an authentication identifier attributed to the user for authenticating the user to the service provider and incorporates the authentication identifier into an encrypted cookie. The cookie is stored on the PC of the user and an encrypted ticket comprising the authentication identifier is sent to the service provider for authentication of the user. After decryption of the ticket and extraction of the authentication identifier, the user is authenticated to the service provider and access to the service is granted to the user.

[0008] Authentication mechanisms as described above have in common that they aim at and are optimized for a specific access situation, e.g. only for login to a PC or network, or only for access to a service on the Internet, or only for access to a building, or only for access to an ATM. Applying such an authentication mechanism to another access situation fails. One reason for the non-interoperability of different authentication mechanisms is ascribed to the different technologies used for authentication, e.g. cards, PINs, or passwords. Even in the case that different authentication mechanisms make use of the same technology, different service providers typically require different peculiarities, e.g. typically a credit card cannot be used in the card reader in order to get access to a building. This situation is not very convenient for the user as he has to remember a large number of PINs, passwords, user names or aliases, and has to carry a large number of physical access devices like plastic cards or physical keys for access to buildings and cars. Especially the large number of PINs and passwords results in a very high access rejection rate, because users are simply not able to remember all the codes or mix them up. In addition, physical access devices can get lost or forgotten somewhere or be damaged in day-to-day use, preventing the user from getting access.

[0009] Biometric authentication mechanisms provide a way to overcome these problems, because a biometric data set derived for example from a fingerprint or an iris of the user is unambiguously linked to the individual user. However, the main problem with biometrics is that the biometric data set cannot be changed. If a biometric data set is disclosed, e.g. by a photocopy of a fingerprint, there are no means to generate a new set. Consequently, either the user is excluded from further access to services based on biometric authentication or the possibility of misuse arises.

[Summary of the invention]

[0010] It is an object of the present invention to provide an improved method, authentication server and computer program loadable into an authentication server, which enable a secure and convenient authentication of a user to a service provider for a large variety of access situations.

[0011] This object is achieved by the method as described in claim 1. Furthermore, the invention is embodied in an authentication server as described in claim 13 and a computer program loadable into an authentication server as described in claim 20. Advantageous embodiments are described in the further claims.

[0012] In the proposed method, an application device requests a service for a user from a service provider. Before granting access to the user, the service provider requires an authentication of the user. The authentication to the service provider may be initialized by the service provider or the user. The proposed authentication method starts with the transmission of a user identity to the service provider. The user identity identifies the user and can consist of a name or a number or any other kind of identifier known by the service provider. The service provider sends a request for confirmation of the user identity to an authentication server. The request for confirmation of the user identity comprises the user identity and a service identity for identification of the user and the requested service to the authentication server, respectively. As in the case of the user identity, the service identity can consist of a name or a number or any other kind of identifier. Depending on the implementation of the proposed method, e.g. of the subscription or registration of the service provider to the authentication server, this identifier indicates not only the requested service but also the service provider.

[0013] The authentication server generates a request for service authentication and transmits the request to an authentication device of the user. The request for service authentication indicates the requested service to the authentication device and preferably to the user. The authentication device generates a service authentication confirmation confirming the request for service authentication and sends the service authentication confirmation to the authentication server. The authentication server performs an analysis of the service authentication confirmation, e.g. it is checked if the request for service authentication has been correctly acknowledged by the authentication device or if the service authentication confirmation is received within a pre-defined time limit after issuing the request for service authentication. If the analysis fails, the authentication server may repeat the transmission of a request for service authentication or may terminate the authentication procedure. Preferably, the authentication server informs the parties about the termination.

[0014] After successful completion of the analysis, the authentication server sends a confirmation of the user identity to the service provider. The confirmation of the user identity confirms the request for confirmation of the user identity issued by the service provider. Based on the received confirmation of the user identity, the service provider finally grants service access to the user or can request additional information before granting service access, e.g. a credit card number of the user for services charging costs to the user.

[0015] In the proposed method, separate devices for the application of the service and authentication of the user are used. In addition, an authentication server is introduced which stores and manages identities of service providers and users. The authentication server establishes a trusted relationship between the service provider and the authentication server and between the user and the authentication server and hence between the service provider and the user. The authentication server presents the requested service to the authentication device and requests a confirmation of the requested service. The user has to transmit only the user identity and a confirmation, and a large number of passwords can be avoided. Identities involved in the method can be changed, e.g. by the user or the service provider, therefore preventing misuse if one of the identities is disclosed. Owing to the fact that the authentication device can be separated from the application device, the authentication device and thus the method can be adapted to serve a large variety of access situations and a large number of different application devices. The proposed method makes the authentication very secure and very convenient especially for the user, because a single authentication service can authenticate him to one or more services or service providers for a large variety of access situations and application devices without having to remember a bunch of passwords or carrying a number of physical access devices. In addition, the method ensures the authenticity of the requested service to both the user and the authentication server.

[0016] According to a preferred embodiment of the method, an authentication is performed between at least one pair of devices from a group comprising the pairs: the application device and the service provider, the service provider and the authentication server, and the authentication server and the authentication device. Preferably, a mutual authentication between said pairs of devices is established, enhancing further the security of the method. Authentication can be achieved e.g. by a Secure Sockets Layer (SSL) Protocol.

[0017] Preferably, a verification of at least one of the identities comprising the user identity and the service identity is performed. The verification can be performed by the device receiving an identity, e.g. the service provider receiving the user identity or the authentication server receiving the user identity and the service identity or the authentication device receiving the service identity for indicating the requested service. The verification comprises an analysis of an identity, e.g. the device receiving an identity checks if the identity matches a respective entry in a database. If there is no entry in the database, the receiving device may terminate the authentication procedure or may alternatively contact the party whose entry is missing, e.g. for requesting a subscription or registration to the authentication service. Another part of the verification is the processing of an identifier associated with an identity. The identifier used for identifying the user to the service provider can be identical to or can be different from the identifier used for identifying the user to the authentication server. The same applies for the identifiers associated with the service provider identity for identifying the service to the authentication server and the authentication device. For the case that the respective identifiers of an identity are identical, the identifier can be simply forwarded. Otherwise, a conversion of the identifier is performed before transmission. Such a conversion can be accomplished by a look-up table. For the service provider, this look-up table can comprise the correlation of the user identities as registered to the service provider and the authentication server, e.g. being a name of the user and a registration number, respectively. For the authentication server, such a look-up table may be introduced for the service identities as registered to the authentication server and for identification to the user. The verification makes the proposed method more secure and flexible, because it allows a flexible adaptation of the method when changing an identity or identifier, e.g. when the respective identity or identifier gets disclosed.

[0018] Preferably, an address of the authentication device is attributed to the user identity. Depending on the implementation of the method, the address can be collected from the user during registration to the authentication service or can be assigned by the authentication service. The address is preferably stored in a secure database accessible by the authentication server. For retrieving the address, the user identity and the address can be correlated, e.g. by a look-up table. The authentication server can then identify and select the address from the database based on an analysis of the user identity. This analysis can be executed while executing the verification of the user identity, e.g. by searching the database for the user identity and retrieving a respective entry for an address attributed to the user identity. The look-up table need not be restricted to a one-to-one relationship between a user identity and an address but can also comprise more than one address per user identity, e.g. if the user has different addresses for business or private services. The proposed management of the address of the authentication device by the authentication server allows a very flexible implementation of the authentication service for many service solutions. Furthermore, an easy replacement of an address is possible if an authentication device gets lost.

[0019] According to a preferred embodiment, the authentication server identifies itself to the user by sending a keyword to the authentication device of the user. The keyword is attributed to the user identity and can be set by the user during the registration to the authentication server. The keyword can be a name, number or any other kind of identifier like a text or a signature or a record of the user's voice. An advantageous embodiment is a keyword that can be changed by the user, e.g. in pre-defined intervals or on request. As in the case for the address, the keyword can be stored in a look-up table in a secure database. The authentication server can retrieve the keyword from the database based on an analysis of the user identity. This analysis can be executed while executing the verification of the user identity, e.g. by searching the database for the user identity and retrieving a respective entry for a keyword attributed to the user identity. The keyword is sent to the authentication device, where it is indicated to the user, e.g. on a display or by voice output. The introduction of the keyword makes the method even more secure and trustworthy, because it proves the identity of the authentication server requesting a service authentication to the user. If the user has doubts about the authenticity of the authentication server, he may terminate the service access.
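The message flow of [0012] to [0014], together with the identity conversion, address look-up and keyword of [0017] to [0019], as an added Python example that is not part of the patent: the registration data, the identifiers (reg-4711, svc-42), the 30 s time limit and all function names are assumptions made for this example. The authentication server only confirms the user identity when the authentication device positively acknowledges an outstanding request within the time limit, and each request can be acknowledged only once.

```python
from dataclasses import dataclass, field

# Constructed registration data (assumed for this example, not taken from the patent).
# The SP knows the user by name, the AS by a registration number ([0017]); the AS database
# attributes an AuD address and a keyword to each user identity ([0018], [0019]).
SP_USER_LOOKUP = {"alice": "reg-4711"}           # SP-side look-up table: name -> registration number
AS_USERS = {                                      # AS-side secure database, keyed by user identity
    "reg-4711": {"address": "+49-170-0000001", "keyword": "blue heron"},
}
AS_SERVICES = {"svc-42": "Example Webshop login"}  # service identity -> name shown to the user
TIME_LIMIT_S = 30.0   # pre-defined time limit for the service authentication confirmation ([0013])


@dataclass
class AuthServer:
    """Authentication server (AS): verifies identities, issues S50, analyses S60, answers S90."""
    pending: dict = field(default_factory=dict)   # request id -> (issued_at, user identity, service identity)
    next_id: int = 1

    def request_confirmation(self, user_id, service_id, now):
        """S20 received from the SP: verify both identities, then build S50 for the AuD."""
        user = AS_USERS.get(user_id)
        if user is None or service_id not in AS_SERVICES:
            return None                               # missing database entry: terminate ([0017])
        req_id = f"req-{self.next_id}"
        self.next_id += 1
        self.pending[req_id] = (now, user_id, service_id)
        # S50 carries the service name (service identity converted for the user) and the
        # keyword so that the user can recognise the AS ([0019], [0020]).
        return {"id": req_id, "to": user["address"],
                "service": AS_SERVICES[service_id], "keyword": user["keyword"]}

    def analyse_confirmation(self, confirmation, now):
        """S80: the confirmation must positively acknowledge an outstanding request, in time."""
        pend = self.pending.pop(confirmation.get("id"), None)   # one confirmation per request
        if pend is None or not confirmation.get("confirmed"):
            return False
        issued_at = pend[0]
        return 0.0 <= now - issued_at <= TIME_LIMIT_S


def authentication_device(request, known_keyword, user_approves):
    """AuD: shows service and keyword to the user; returns the service authentication confirmation (S60)."""
    if request["keyword"] != known_keyword:
        return {"id": request["id"], "confirmed": False}   # user does not recognise the AS ([0019])
    return {"id": request["id"], "confirmed": user_approves}


def run_flow(user_name, service_id, user_approves=True, delay_s=2.0, t0=1000.0):
    """Whole exchange S10..S100 with one AS instance; returns True when the SP grants access."""
    auth_server = AuthServer()
    # S10: ApD transmits the user identity to the SP, which converts it via its look-up table.
    reg_no = SP_USER_LOOKUP.get(user_name)
    if reg_no is None:
        return False
    # S20 / S50
    request = auth_server.request_confirmation(reg_no, service_id, now=t0)
    if request is None:
        return False
    # S60 at the AuD, delay_s seconds later; the user compares the keyword set at registration.
    confirmation = authentication_device(request, AS_USERS[reg_no]["keyword"], user_approves)
    # S80 / S90: a positive analysis is the confirmation of the user identity sent to the SP.
    if not auth_server.analyse_confirmation(confirmation, now=t0 + delay_s):
        return False
    return True   # S100: SP grants service access
```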

[0020] According to a preferred embodiment, the keyword is included in the request for service authentication, which reduces the number of individual messages. In addition, the combination and concatenation of security features makes the method more secure, because it is more difficult to interfere with.

[0021] Preferably, an encryption is applied to at least one of the identities or confirmations or requests. Sent information like identities or confirmations or requests can be encrypted by the sending entity and received information can be decrypted by the receiving entity. This prevents an eavesdropper from gaining access to the exchanged information. The security of the method can be further enhanced if a signature is applied to at least one of the identities or confirmations or requests. Sent information can be signed and received information can be authenticated by applying an appropriate key. Both symmetric and asymmetric encryption methods can be used for encryption and signatures. Keys associated with an encryption method can be exchanged during registration to the authentication service or can be exchanged within the proposed authentication method, e.g. by an additional message or in a dialog. Preferably, a time stamp is applied to at least one of the identities or confirmations or requests. For sent information a time stamp may be added, with the time stamp indicating the date of issue or validity of the corresponding information. Preferably, a reliable time source is used for the processing of time stamps. At the receiving entity, the time stamp may be analyzed, e.g. it can be checked if the information has been received within a certain time limit. The introduction of time stamps enhances the security of the method as it prevents replay attacks. Extended protection can be achieved for a combination or concatenation of encryption or signatures or time stamps. Multilevel encryption or hashing are examples.

[0022] According to a preferred embodiment, the generation of the service authentication confirmation or the transmission of the service authentication confirmation requires an entering of a password. The password can be a personal identification number (PIN), a name or any other kind of identifier attributed to the user and can be used for authentication of the user to the authentication device and thus to the authentication server. The password can be entered when activating the authentication device. Preferably, the password is entered for confirming the request for service authentication. As a consequence, the service authentication confirmation may be signed for authenticating the user to the authentication server. At the authentication server, the signed service authentication confirmation can be processed for authentication by applying an appropriate key. The key may be stored in a database accessible by the authentication server, e.g. as a look-up table correlating the key with the user identity. Depending on the implementation, both symmetric and asymmetric encryption methods can be used for signing the service authentication confirmation and processing of the signed service authentication confirmation. Alternatively, the entering of the password may authorize the authentication device to release the service authentication confirmation for transmission to the authentication server. The introduction of the password proves the identity of the user operating the authentication device to the authentication server and prevents misuse, e.g. by another person who may get unauthorized access to the authentication device.
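The signed, time-stamped and PIN-released service authentication confirmation of [0021] and [0022], as an added Python example that is not part of the patent. It assumes a per-user symmetric key agreed at registration and held in the authentication server's key look-up table (HMAC-SHA256 is the chosen signature method, one of the symmetric options the patent allows); the key, PIN, identifiers and 30 s limit are constructed placeholders.

```python
import hashlib
import hmac
import json
import secrets

# Constructed data (assumed for this example, not taken from the patent): a symmetric key per
# user agreed at registration, held by the AuD and stored in the AS look-up table keyed by the
# user identity ([0022]); the AuD stores only a hash of the user's PIN.
AS_KEY_TABLE = {"reg-4711": b"demo-key-for-reg-4711-not-a-real-secret"}
TIME_LIMIT_S = 30.0     # acceptable age of a time-stamped confirmation ([0021])


def pin_hash(pin):
    """Hash of the PIN as stored on the AuD (plain SHA-256 here; a slow password hash in practice)."""
    return hashlib.sha256(pin.encode()).hexdigest()


def _canonical(body):
    # Stable byte encoding so that signer and verifier cover exactly the same fields.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_confirmation(request_id, user_id, key, now, entered_pin, stored_pin_hash, approved=True):
    """AuD side: the PIN releases the confirmation, which is then time-stamped and signed.
    Returns None when the PIN is wrong, otherwise the signed service authentication confirmation."""
    if not hmac.compare_digest(pin_hash(entered_pin), stored_pin_hash):
        return None
    body = {"id": request_id, "user": user_id, "confirmed": approved,
            "ts": now, "nonce": secrets.token_hex(8)}
    return {"body": body, "sig": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


class ConfirmationVerifier:
    """AS side: key look-up by user identity, signature check, time-stamp window, replay rejection."""

    def __init__(self):
        self.seen = set()   # (user, request id, nonce) of confirmations already accepted

    def verify(self, msg, now):
        """Returns "ok" for an acceptable positive confirmation, otherwise the reason for rejection."""
        body, sig = msg.get("body", {}), msg.get("sig", "")
        key = AS_KEY_TABLE.get(body.get("user"))
        if key is None:
            return "unknown user"           # no database entry: terminate ([0017])
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "bad signature"          # tampered, or not signed with the user's key
        ts = body.get("ts")
        if not isinstance(ts, (int, float)) or not 0.0 <= now - ts <= TIME_LIMIT_S:
            return "outside time limit"     # stale (possible replay) or future-dated
        marker = (body["user"], body.get("id"), body.get("nonce"))
        if marker in self.seen:
            return "replay"                 # the same signed confirmation presented twice
        self.seen.add(marker)
        return "ok" if body.get("confirmed") is True else "declined"
```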
[0023] Preferably, the authentication device is a mobile phone providing a maximum of flexibility to the user. This applies also for other mobile devices providing the functionality of a mobile phone, e.g. a smart phone. Nowadays, mobile phones are widely used and have a high public acceptance and often offer access to mobile data services. It is very convenient for the user to have a mobile phone as authentication device instead of carrying multiple devices for different services. An additional advantage is that the security mechanisms implemented by an operator in a mobile communication network are generally very high. Exchange of information over such a network provides a further enhancement of the security of the proposed method.

[0024] According to a preferred embodiment, the application device is a computer. Such a computer can be a stationary or mobile device, e.g. a PC, a workstation, a laptop or notebook, a pocket PC, or a personal digital assistant (PDA), attachable for example to a corporate computer network, the Internet or a wireless network for communicating at least with the service provider. The proposed method can also facilitate the login into a computer. Correspondingly, the requested service is access to the computer, which serves in this scenario simultaneously as application device and service provider.

[0025] According to another preferred embodiment, the application device is a payment device. A payment device is used for payment applications and can be an automated teller machine (ATM) offering banking services such as bank account monitoring, retrieving money from a bank account, or the execution of a payment transaction. The payment device can be used in an electronic payment service enabling financial transactions, e.g. from one user to another user or institution, e.g. for transferring electronic cash from one person to another person or from one person to a stationary or mobile vendor, respectively.

[0026] According to another preferred embodiment, the application device is a physical access unit with a unit for data entry. The physical access unit can be a door or window, e.g. of a building, room, department in a company, or a vehicle. It can also be any other physical device where an authentication of the user is demanded before access to the physical device is granted, e.g. a steering wheel of a vehicle or an apparatus in a production facility. A unit for data entry is associated with the physical access unit. The unit for data entry is used to enter the user identity into the application device and can be a keypad or an Infrared (IR) or Bluetooth interface or any other kind of wired or wireless interface applicable for entering the user identity into the unit for data entry. For the case of an IR or Bluetooth interface, the user employs an IR- or Bluetooth-equipped device, e.g. a mobile phone, in order to get access to the corresponding interface of the unit for data entry and to transfer the user identity. In addition, also supplementary information can be exchanged via the IR or Bluetooth interface, e.g. a status report stating user identity, time and identity of the requested service. Access to the physical access unit can be provided when the user is authenticated to the service provider, who is for example controlling a door. In this regard, the service provider can grant access to the requested service by unlocking the door by an electronically activated door-opener.
[0027] The present invention does also relate to an authentication server, which can be adapted to all embodiments of the method as described before. The authentication server comprises a receiving unit, a transmitting unit, and a processing unit. The receiving unit is adapted to receive a request for confirmation of a user identity from a service provider. The request comprises the user identity identifying a user and a service identity identifying a service of the service provider. The processing unit is adapted to generate a request for service authentication indicating the service to an authentication device of the user. The transmitting unit is adapted to send the request for service authentication to the authentication device. The receiving unit is adapted to receive a service authentication confirmation from the authentication device. The service authentication confirmation confirms the request for service authentication. The processing unit is adapted to execute an analysis of the received service authentication confirmation and to generate a confirmation of the user identity according to the result of the analysis. The confirmation of the user identity confirms the identity of the user to the service provider. The transmitting unit is adapted to send the confirmation of the user identity to the service provider.

[0028] According to a preferred embodiment of the authentication server, the processing unit is adapted to execute an authentication with at least one device from a group comprising the service provider and the authentication device and to exchange messages for the authentication via the receiving unit and the transmitting unit.

[0029] According to another preferred embodiment of the authentication server, the processing unit is adapted to execute a verification of at least one of the identities.

[0030] According to another preferred embodiment of the authentication server, an address of the authentication device is attributed to the user identity. The processing unit is adapted to retrieve the address from a database based on an analysis of the user identity.

[0031] According to another preferred embodiment of the authentication server, a keyword for identifying the authentication server to the authentication device is attributed to the user identity. The processing unit is adapted to retrieve the keyword from a database based on an analysis of the user identity and the transmitting unit is adapted to send the keyword to the authentication device.

[0032] According to another preferred embodiment of the authentication server, the processing unit is adapted to apply an encryption or signature or time stamp to at least one of the identities or confirmations or requests, or to process encrypted or signed identities or confirmations or requests, or to analyze a time stamp comprised in an identity or confirmation or request.

[0033] According to another preferred embodiment of the authentication server, the receiving unit and the transmitting unit are connectable to a mobile communication system.

[0034] The present invention also concerns a computer program loadable into a processing unit of an authentication server. The computer program comprises portions of software code in order to implement the method as described above when operated on the authentication server. The computer program can be stored on a computer readable medium. The computer-readable medium can be a permanent or rewritable memory within the authentication server or located externally. The computer program can also be transferred to the authentication server for example via a cable or a wireless link as a sequence of signals.

[0035] The computer program is adapted to perform the steps of: processing a request for confirmation of a user identity from a service provider, with the request comprising the user identity identifying a user and a service identity identifying a service of the service provider; generating a request for service authentication indicating the service to an authentication device of the user; initializing a transmission of the request for service authentication to the authentication device; executing an analysis of a service authentication confirmation from the authentication device, with the service authentication confirmation confirming the request for service authentication; generating a confirmation of the user identity according to the result of the analysis, the confirmation of the user identity confirming the identity of the user to the service provider; and initializing a transmission of the confirmation of the user identity to the service provider.

[0036] According to a preferred embodiment of the computer program, the computer program is adapted to generate and process messages for an authentication with at least one device from a group comprising the service provider and the authentication device.

[0037] According to another preferred embodiment of the computer program, the computer program is adapted to execute a verification of at least one of the identities.

[0038] According to another preferred embodiment of the computer program, an address of the authentication device is attributed to the user identity and the computer program is adapted to retrieve the address from a database.

[0039] According to another preferred embodiment of the computer program, a keyword is attributed to the user identity and the computer program is adapted to retrieve the keyword from a database and to initialize a transmission of the keyword to the authentication device.

[0040] According to another preferred embodiment of the computer program, the computer program is adapted to apply an encryption or signature or time stamp to at least one of the identities or confirmations or requests or to process encrypted or signed identities or to analyze a time stamp comprised in an identity or confirmation or request.

[0041] In the following, detailed embodiments of the present invention shall be described in order to give the skilled person a full and complete understanding. However, these embodiments are illustrative and not intended to be limiting, as the scope of the invention is defined by the appended claims.

[Brief description of the drawings]

[0042]

Fig. 1a shows a flow-chart diagram of a method according to the present invention;

Fig. 1b shows messages and processes of the method in Fig. 1a;

Fig. 2 shows a first example for devices adapted to execute the invented method together with a corresponding message flow between the devices;

Fig. 3 shows a second example for devices adapted to execute the invented method together with a corresponding message flow between the devices.

[Detailed description of the invention]

[0043] The following description focuses on the steps associated with messages or processes for carrying out the invented method. Depending on the implementation or case, it may be advantageous to integrate additional steps like a confirmation of a step before the next step is carried out. One or more pre-initialization steps can ensure the inter-operability of the respective devices involved in the method.

[0044] Communication between the devices involved in the proposed method is described in the following by individual messages which can be integrated in a dialog. Such a dialog can comprise the steps of an initialisation of the dialog, a transmission of a message comprising the information, and an end of the dialog. Typically, the dialog is executed synchronously, e.g. each step comprising a message originating from a first party is acknowledged by a confirmation message by a second party receiving the message before a new message is sent. The initialisation of the dialog can accomplish the authentication of both parties and ensures that the information is transmitted in a secure environment. Within the initialisation of the dialog, the parties can mutually agree on encryption or compression procedures. After successful initialisation of the dialog and transmission of the information, the end of dialog message confirms that all previous messages have been transmitted in a complete and correct manner. Depending on the implementation or case, also more than one message can be sent within one dialog.

[0045] The exchange of information can be achieved over a fixed network like the Internet or a fixed telephone network like the Public Switched Telephone Network (PSTN) or the Integrated Services Digital Network (ISDN) or wireless connections provided e.g. by InfraRed (IR), Bluetooth, the Global System for Mobile communication (GSM), the Universal Mobile Telecommunication System (UMTS), or a Wireless Local Area Network (WLAN) or any combinations thereof.

[0046] Consequently, the devices involved in the proposed method incorporate interfaces for the exchange of information. A receiving unit is employed for receiving messages and a transmitting unit for sending messages. In addition, the devices have the functionality of processing messages or information, e.g. to generate a new message or to extract information from a received message or to analyze information comprised in a message. Preferably, information is indicated at least to the user, e.g. by display on a screen or by voice output. Typically, the user and the service provider SP are subscribed or registered to the proposed authentication mechanism, e.g. for storing and managing user and service provider SP related information by the authentication server AS and the service provider SP. Furthermore, the following examples are described in the context that the authentication device AuD is a mobile phone attachable to a mobile communication network like GSM or UMTS. However, also other wireless and wired interconnection techniques may be used for connecting the authentication device AuD to the authentication server AS.

[0047] An example for an authentication of a user to a service provider SP according to the present invention is depicted in Figures 1a and 1b. Figure 1a shows a flow chart of the method whereas Figure 1b reveals the corresponding processes and message flows between the application device ApD, the service provider SP, the authentication server AS, and the authentication device AuD.

[0048] In a first step of the method, the application device ApD requests a service for the user from the service provider SP and performs a transmission of the user identity S10 for identifying the user to the service provider SP. The service provider SP executes a verification S15 of the received user identity, for example by checking if the user identity matches a respective entry in a database of the service provider SP. This procedure gives indication to the service provider SP if the transmitted user identity is already registered or subscribed to the requested service. If no respective entry is found by the service provider SP, the service provider SP may request a repeated transmission of the user identity S10, deny the service access S100, or request a registration. If necessary, the service provider SP can convert the identifier of the user identity for identifying the user to the authentication server AS. The service provider SP then selects a service identity attributed to the requested service for identifying the requested service to an authentication server AS. The service provider SP sends a request for the confirmation of the user identity S20 to the authentication server AS. The request comprises the user identity and the service identity for identifying the user and the service to the authentication server AS, respectively.

[0049] The authentication server AS performs a verification S30 of the received request in order to check if the user and the service are known to the authentication server AS and to convert the identifier of the service identity for indicating the requested service to the authentication device AuD if necessary. In addition, the authentication server AS comprises or has access to a database in which it searches for the address of the authentication device AuD of the user. If more than one address for the user identity is found, the authentication server AS may call for additional information to select the actual address of the authentication device AuD, e.g. by checking preference settings of the user indicating addresses for business and private use during certain day times or for specific services. Furthermore, the authentication server AS searches for a keyword attributed to the user identity and retrieves the keyword from the database according to the proposed method.
[0050] The authentication server AS performs an authentication S40 of the authentication server AS to the authentication device AuD. In the preferred scenario, the authentication device AuD is a mobile phone comprising a subscriber identity module (SIM) or wireless identity module (WIM) unique for each subscription. Very efficient and secure authentication mechanisms are customary for accomplishing a mutual authentication S40 between a mobile phone and a mobile operator. For the case the authentication server AS is operated by a mobile operator, further authentication between the devices may be omitted. Else, authenticated and secured communication between the authentication server AS and the mobile operator can be implemented using further authentication mechanisms, e.g. via the SSL protocol. The authentication server AS provides the mobile operator with an identifier for identifying the user to the mobile operator. This identifier is preferably a Mobile Station Integrated Services Digital Network (MSISDN) number of the user.

[0051] After successful authentication S40 of the authentication server AS and the authentication device AuD, the authentication server AS generates a request for service authentication S50 comprising the service identity and the keyword. Preferably, the authentication server AS adds a time stamp to the request and further protects the content of the request by applying an encryption and signature, e.g. using a public key of the user and a private key of the authentication server AS, respectively, according to an asymmetric encryption following the Rivest, Shamir & Adleman (RSA) encryption method or elliptic curve cryptography (ECC). The authentication server AS sends the request for service authentication S50 to the authentication device AuD.

[0052] The authentication device AuD checks the signature and decrypts the received request for service authentication S50 if necessary, e.g. by applying a corresponding public key of the authentication server AS and a corresponding private key of the user, respectively. Optionally, the time stamp is checked and the authentication procedure is aborted if the time stamp is expired, e.g. when the duration between the date of issue of the time stamp and the check of the time stamp exceeds a time limit. The request for service authentication S50 is indicated to the user. The indicated request comprises in particular the keyword as well as the service identity and can be indicated on the display of the mobile phone of the user or by voice output. An example for such an indication is a phrase like "Authenticate ... KEYWORD ... and ... SERVICE ..." with KEYWORD being the keyword and SERVICE being the name of the requested service known to the user. Additionally, a date can be indicated, e.g. derived from a time stamp. The user is asked to confirm the indicated request by a password, e.g. by typing in a PIN for authenticating the user to the authentication server AS. This PIN is preferably different to the PIN used for getting access to the authentication device AuD. If the user accepts the indicated information, he enters the PIN for confirmation. If he enters the correct PIN, the authentication device AuD is triggered to sign the service authentication confirmation S60. This signature confirms that the correct PIN has been entered and thus proves the identity of the user to the authentication server AS. Subsequently, the authentication device AuD performs a transmission S70 of the service authentication confirmation to the authentication server AS.

[0053] Depending on the implementation of the proposed method, it may be advantageous to integrate the authentication S40, the request for service authentication S50, the service authentication confirmation S60, and the transmission S70 of the service authentication confirmation in a single dialog in order to reduce signaling effort between the authentication server AS and the authentication device AuD.

[0054] The authentication server AS executes an analysis S80 of the received service authentication confirmation S60 and authenticates the user by checking the correctness of the signature or password applied to the service authentication confirmation S60. The authentication server AS analyzes the content of the service authentication confirmation S60 in which an identifier can state the confirmation of the request for service authentication S50. The authentication server AS may check if additional information, e.g. a time stamp, is included in the transmitted service authentication confirmation S60. It may optionally store data associated with the authentication procedure in a database for providing a history of authentication transactions or archival storage due to security reasons.

[0055] Subsequently, the authentication server AS provides the service provider SP with a confirmation of the user identity S90, e.g. by giving a positive confirmation of the request for confirmation of the user identity S20, proving the authenticity of the user identity to the service provider SP. Finally, the service provider SP may grant service access S100 to the requested service or may ask for additional information.
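
The S10 to S100 exchange described in [0048] to [0055], as an added Python simulation that is not part of the patent text: the SP checks the user (S15) and issues S20, the AS looks up address and keyword and signs a time-stamped S50, the AuD verifies signature and time stamp, shows the "Authenticate ... KEYWORD ... and ... SERVICE ..." phrase and signs S60 only after the correct PIN, and the AS analyses S60 (S80) before confirming the identity (S90). The RSA/ECC signatures of [0051] are replaced here by HMAC-SHA256 with pre-shared keys (the symmetric variant allowed in [0059]); the database entries, key values, PIN and 120-second time limit are constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed data (not from the patent): one registered user and one service.
AS_DB = {  # authentication server database, see [0049]
    "alice@example": {"address": "+49170000000", "keyword": "BLUE-TULIP",
                      "aud_key": b"key-shared-with-alices-phone"},
}
SP_USERS = {"alice@example"}                   # service provider registrations, S15
SERVICE_NAME = {"webmail": "Example Webmail"}  # service identity -> name known to the user
AS_KEY = b"authentication-server-key"          # stands in for the AS private key
USER_PIN = "4711"                              # confirmation PIN held on the AuD, [0052]
TIME_LIMIT = 120                               # seconds until a time stamp expires, [0052]


def sign(key: bytes, msg: dict) -> str:
    """HMAC-SHA256 over canonical JSON; substitutes for the RSA/ECC signature."""
    data = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key: bytes, msg: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def digest(msg: dict) -> str:
    """Fingerprint of an S50 body so that S60 can state which request it confirms."""
    return hashlib.sha256(json.dumps(msg, sort_keys=True).encode()).hexdigest()


def sp_receive_user_identity(user_id: str):
    """S10/S15: the SP checks the registration, then builds the S20 request."""
    if user_id not in SP_USERS:
        return None  # SP may re-request S10, deny S100 or ask for registration
    return {"user": user_id, "service": "webmail"}


def as_request_service_authentication(s20: dict, now: float):
    """S30/S50: verify user and service, fetch AuD address and keyword, sign S50."""
    entry = AS_DB.get(s20["user"])
    if entry is None or s20["service"] not in SERVICE_NAME:
        return None
    body = {"service": s20["service"], "keyword": entry["keyword"], "ts": now}
    return entry["address"], {**body, "sig": sign(AS_KEY, body)}


def aud_handle_request(s50: dict, aud_key: bytes, now: float, entered_pin: str):
    """S50 -> S60 on the device: check signature and time stamp, indicate the
    request, and sign the confirmation only when the correct PIN was entered."""
    body = {k: v for k, v in s50.items() if k != "sig"}
    if not verify(AS_KEY, body, s50["sig"]):
        return "signature check failed", None
    if now - body["ts"] > TIME_LIMIT:
        return "time stamp expired, aborted", None
    display = (f"Authenticate ... {body['keyword']} ... and ... "
               f"{SERVICE_NAME[body['service']]} ...")
    if entered_pin != USER_PIN:
        return display, None  # wrong PIN: nothing is signed, nothing is sent (S70)
    conf = {"confirms": digest(body), "ts": now}
    return display, {**conf, "sig": sign(aud_key, conf)}


def as_analyse_confirmation(user_id: str, s50: dict, s60: dict, now: float) -> bool:
    """S80/S90: check the S60 signature and that it confirms exactly this S50."""
    conf = {k: v for k, v in s60.items() if k != "sig"}
    if not verify(AS_DB[user_id]["aud_key"], conf, s60["sig"]):
        return False
    body = {k: v for k, v in s50.items() if k != "sig"}
    return conf["confirms"] == digest(body) and now - conf["ts"] <= TIME_LIMIT


def run_flow(user_id: str, entered_pin: str, delay: float = 0.0, now=None) -> dict:
    """Runs S10..S100; 'delay' is the time elapsed before the AuD handles S50."""
    now = time.time() if now is None else now
    result = {"display": None, "granted": False}
    s20 = sp_receive_user_identity(user_id)
    if s20 is None:
        return result
    sent = as_request_service_authentication(s20, now)
    if sent is None:
        return result
    address, s50 = sent  # S50 is delivered to the AuD found at 'address'
    display, s60 = aud_handle_request(s50, AS_DB[user_id]["aud_key"],
                                      now + delay, entered_pin)
    result["display"] = display
    if s60 is not None:  # S70: confirmation reaches the AS, S80 decides S90/S100
        result["granted"] = as_analyse_confirmation(user_id, s50, s60, now + delay)
    return result
```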

[0056] In Figure 2, a first example of a set of devices for executing the proposed method is depicted. In addition, the flow of messages according to Figure 1 is shown. In this example, the application device ApD is embodied in a laptop computer with interfaces for sending and receiving messages like the transmission of the user identity S10 to the service provider SP or the grant of service access S100 by the service provider SP, respectively. The laptop incorporates a processing unit, e.g. for generation and processing of messages and information, for example for executing the requested service or performing an encryption of sent or decryption of received messages. Other functions are a keyboard for typing in a user identity and a monitor for displaying information.

[0057] The service provider SP is a server adapted to communicate with the application device ApD and the authentication server AS. Typically, a large number of application devices are served by such a server. The service provider SP also comprises interfaces in order to exchange messages with the application device ApD and the authentication server AS and a processing unit for processing of information and messages according to the proposed method.

[0058] The authentication server AS comprises a receiving unit and a transmitting unit for receiving and transmitting messages, respectively, according to the proposed method. Furthermore, the authentication server AS comprises a processing unit. Within the authentication server AS, the individual units are connected such that messages received by the receiving unit are guided to the processing unit, whereas messages originating from the processing unit are sent via the transmitting unit. Access to a database is accomplished by the processing unit. The database can be located in the authentication server or externally.

[0059] The processing unit is adapted to verify the service identity and the user identity from a request for confirmation of the user identity S20, e.g. by checking if the received data matches a respective entry in the database. The processing unit is furthermore adapted to retrieve the address of the authentication device AuD and the keyword from the database and to execute the authentication S40 related steps of the communication with the authentication device AuD of the user, e.g. initialization of a dialog, sending an identifier for identification of the authentication server AS, receiving and analyzing an identifier for identification of the authentication device AuD, and finalizing the dialog. Such identifiers are known by both devices and can be signed by a secret or private key according to a symmetric or asymmetric encryption method, respectively. The processing unit is also adapted to encrypt or decrypt a sent or received identifier, respectively, or to apply a signature to a sent identifier or to check a signature of a received identifier, e.g. by applying an appropriate key. Also other techniques for authentication are possible and the processing unit may be adapted to execute other security mechanisms like the establishment of an SSL-protected connection to the authentication device AuD or the service provider SP.

[0060] In addition, the processing unit of the authentication server AS is adapted to generate a request for service authentication S50 comprising the service identity for identifying the service to the authentication device AuD of the user and the keyword for identifying the authentication server AS to the user, and the transmitting unit is adapted to send the request to the authentication device AuD of the user. The receiving unit of the authentication server AS is adapted to receive a confirmation of the request and the processing unit of the authentication server AS is adapted to execute an analysis S80 of the confirmation. The processing unit of the authentication server AS is further adapted to generate a confirmation for the user identity S90 based on the result of the analysis S80 and to send this confirmation to the service provider SP.

[0061] The authentication device AuD in Figure 2 is a mobile phone comprising a receiving unit for receiving messages like the request for the service authentication S50, and a transmitting unit for sending messages like the transmission S70 of the service authentication confirmation. In the authentication S40, both the receiving unit as well as the transmitting unit are involved. The processing unit is adapted to process information, e.g. derived from the request for service authentication S50, such that the request is indicated to the user. In addition, the keypad of the mobile phone can be used to confirm the request, e.g. by entering a PIN. Obviously, the processing unit can be adapted to apply an encryption method for encryption and signatures. Alternatively, such an encryption method can be performed in the SIM card accessible by the processing unit of the mobile phone.

[0062] A typical access situation according to Figure 2 is the login to a service application on a computer network like the Internet. In this example, the user uses a mobile phone with WAP functionality as authentication device AuD and a computer as application device ApD. The user sends his user identity from the application device ApD to the service provider SP, which contacts the authentication server AS with a request for confirmation of the user identity S20. The authentication server AS verifies the user and the service and retrieves the address of the authentication device AuD, which is in this example the MSISDN number of the WAP phone. In addition, the authentication server AS retrieves the keyword. The authentication server AS contacts the authentication device AuD of the user by a WAP push message directing him to a Wireless Markup Language (WML) Script containing the command "signText". The generic text can be like "Authenticate ... KEYWORD ... and ... SERVICE ...". In order to sign the text, the user enters his signText PIN and the signature is sent back to the authentication server AS, which checks the correctness of the signature. If the PIN has been correctly entered, the authentication server AS sends the confirmation of the user identity S90 to the service provider SP, which may grant service access S100 for the application device ApD to the requested Internet service.
[0063] In Figure 3, a further scenario is depicted. Here the user demands access to an application device ApD consisting of a physical access unit D shown as a locked door equipped with a unit for data entry KP, both connectable to the service provider SP for transmission of the user identity S10 and receiving a message or signal for service access S100, respectively. Alternatively, the physical access unit D and the unit for data entry KP are connectable to an intermediate device located for example within the application device ApD establishing the communication with the service provider SP. The user enters his user identity e.g. by typing a number into a keypad. Alternatively, the unit for data entry KP may be an IR or Bluetooth receiving unit or an RF-tag reader. For such an access situation, the user can make use of the mobile phone, e.g. the one that he employs later in the authentication procedure as authentication device AuD, in order to send his user identity to the unit for data entry KP. This is indicated in Figure 3 by the transfer BO of the user identity. For carrying out the transfer BO, the mobile phone is equipped with an IR or Bluetooth transmitting unit or an RF-tag. However, also other connection techniques are possible for the transfer BO or generally for entering the user identity into the unit for data entry KP, e.g. by using a cable or a PDA-like hot-synchronization mechanism with a cradle. For granting service access S100, the service provider SP sends a message or signal to the application device ApD and thus unlocks the door. Beside that, the other devices incorporated in the method like the service provider SP, the authentication server AS, and the authentication device AuD, and the corresponding message flow remain unchanged compared to Figure 2.

[0064] The above embodiments admirably achieve the objects of the invention. However, it will be appreciated that departures can be made by those skilled in the art without departing from the scope of the invention which is limited only by the claims.



Claims

1. A method for authentication of a user to a service provider (SP), wherein an application device (ApD) requests a service for the user from the service provider (SP) and the service provider (SP) requests an authentication of the user by an authentication server (AS) before granting access to the requested service, wherein the following steps are performed:

transmission of a user identity (S10) identifying the user to the service provider (SP),

transmission of a request for confirmation of the user identity (S20) to an authentication server (AS) with the request comprising the user identity and a service identity identifying the requested service to the authentication server (AS),

transmission of a request for service authentication (S50) to an authentication device (AuD) of the user with the request for service authentication (S50) indicating the requested service to the authentication device (AuD),

generation of a service authentication confirmation (S60) confirming the request for service authentication (S50),

transmission (S70) of the service authentication confirmation to the authentication server (AS),

analysis (S80) of the service authentication confirmation,

confirmation of the user identity (S90) to the service provider (SP) according to the result of the analysis (S80),

granting of service access (S100) to the user by the service provider (SP) according to the confirmation of the user identity (S90).


2. The method according to claim 1, wherein an authentication is performed between at least one pair of devices from a group comprising the pairs:

the application device (ApD) and the service provider (SP),

the service provider (SP) and the authentication server (AS),

the authentication server (AS) and the authentication device (AuD).

3. The method according to claim 1 or 2, wherein a verification of at least one of the identities is performed.

4. The method according to any of the preceding claims, wherein an address of the authentication device (AuD) is attributed to the user identity and the authentication server (AS) retrieves the address based on an analysis of the user identity.

5. The method according to any of the preceding claims, wherein a keyword for identifying the authentication server (AS) to the authentication device (AuD) is attributed to the user identity, the authentication server (AS) retrieves the keyword based on an analysis of the user identity and sends the keyword to the authentication device (AuD), which indicates the keyword.

6. The method according to claim 5, wherein the keyword is included into the request for service authentication (S50).

7. The method according to any of the preceding claims, wherein an encryption or signature or time stamp is applied at least to one of the identities or confirmations or requests.

8. The method according to any of the preceding claims, wherein the generation of the service authentication confirmation (S60) or the transmission (S70) of the service authentication confirmation requires an entering of a password.

9. The method according to any of the preceding claims, wherein the authentication device (AuD) is a mobile phone.

10. The method according to any of the preceding claims, wherein the application device (ApD) is a computer.

11. The method according to any of the claims 1 to 9, wherein the application device (ApD) is a payment device.

12. The method according to any of the claims 1 to 9, wherein the application device (ApD) is a physical access unit (D) with a unit for data entry (KP).

13. An authentication server (AS) comprising a receiving unit, a transmitting unit, and a processing unit, wherein

the receiving unit is adapted to receive a request for confirmation of a user identity (S20) from a service provider (SP) with the request comprising the user identity and a service identity identifying a service of the service provider (SP),

the processing unit is adapted to generate a request for service authentication indicating the service to an authentication device (AuD) of the user,

the transmitting unit is adapted to send the request for service authentication (S50) to the authentication device (AuD),

the receiving unit is adapted to receive a service authentication confirmation from the authentication device (AuD) with the service authentication confirmation (S60) confirming the request for service authentication (S50),

the processing unit is adapted to execute an analysis (S80) of the received service authentication confirmation and to generate a confirmation of the user identity (S90) according to the result of the analysis (S80), the confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP),

the transmitting unit is adapted to send the confirmation of the user identity (S90) to the service provider (SP).

14. The authentication server (AS) according to claim 13, wherein the processing unit is adapted to execute an authentication with at least one device from a group comprising the service provider (SP) and the authentication device (AuD) and to exchange messages for the authentication via the receiving unit and the transmitting unit.

15. The authentication server (AS) according to claim 13 or 14, wherein the processing unit is adapted to execute a verification of at least one of the identities.

16. The authentication server (AS) according to any of the claims 13 to 15, wherein an address of the authentication device (AuD) is attributed to the user identity and the processing unit is adapted to retrieve the address from a database based on an analysis of the user identity.

17. The authentication server (AS) according to any of the claims 13 to 16, wherein a keyword for identifying the authentication server (AS) to the authentication device (AuD) is attributed to the user identity, the processing unit is adapted to retrieve the keyword from a database based on an analysis of the user identity and the transmitting unit is adapted to send the keyword to the authentication device (AuD).

18. The authentication server (AS) according to any of the claims 13 to 17, wherein the processing unit is adapted to apply an encryption or signature or time stamp to at least one of the identities or confirmations or requests or to process encrypted or signed identities or confirmations or requests or to analyze a time stamp comprised in an identity or confirmation or request.

19. The authentication server (AS) according to any of the claims 13 to 18, wherein the receiving unit and the transmitting unit are connectable to a mobile communication system.

20. A computer program loadable into a processing unit of an authentication server (AS), wherein the computer program is adapted to perform the steps of

processing of a request for confirmation of a user identity (S20) from a service provider (SP) with the request comprising the user identity identifying a user and a service identity identifying a service of the service provider (SP),

generating a request for service authentication (S50) indicating the service to an authentication device (AuD) of the user,

initializing of a transmission of the request for service authentication (S50) to the authentication device (AuD),

executing an analysis (S80) of a service authentication confirmation from the authentication device (AuD) with the service authentication confirmation (S60) confirming the request for service authentication (S50),

generating a confirmation of the user identity (S90) according to the result of the analysis (S80), the confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP),

initializing a transmission of the confirmation of the user identity (S90) to the service provider (SP).

21. The computer program according to claim 20, wherein the computer program is adapted to generate and process messages for an authentication with at least one device from a group comprising the service provider (SP) and the authentication device (AuD).

22. The computer program according to claim 20 or 21, wherein the computer program is adapted to execute a verification of at least one of the identities.

23. The computer program according to any of the claims 20 to 22, wherein an address of the authentication device (AuD) is attributed to the user identity and the computer program is adapted to retrieve the address from a database.

24. The computer program according to any of the claims 20 to 23, wherein a keyword is attributed to the user identity and the computer program is adapted to retrieve the keyword from a database and to initialize a transmission of the keyword to the authentication device (AuD).

25. The computer program according to any of the claims 20 to 24, wherein the computer program is adapted to apply an encryption or signature or time stamp to at least one of the identities or confirmations or request or to process encrypted or signed identities or to analyze a time stamp comprised in an identity or confirmation or request.